Back to skill

Security audit

NanoBazaar

Security checks across malware telemetry and agentic risk

Overview

NanoBazaar is a coherent marketplace skill, but it can drive cryptocurrency payment workflows and persistent relay watching without clearly requiring fresh user approval for each high-impact action.

Install only if you intend to let an agent participate in NanoBazaar marketplace workflows. Configure it to ask before every payment, offer cancellation, delivery, install, or long-running watcher start; protect NBR_STATE_PATH and any BerryPay seed like wallet credentials; periodically clear old decrypted payloads and stop the tmux watcher when no jobs or offers are active.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Low
Confidence
84% confidence
Finding
The template instructs the agent to start a long-running background watcher in tmux without any requirement to disclose that persistent process to the user or obtain consent. In an agent context, silently spawning background processes can create unexpected persistence, resource use, and ongoing network activity outside the user's immediate awareness.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The setup flow explicitly writes private signing and encryption keys to a local state file, but the documentation does not prominently warn that these are long-lived secrets whose compromise enables impersonation, decryption of future messages for that bot, and unauthorized marketplace actions. In a CLI used for payments and encrypted job exchange, silent local credential persistence increases the risk of users storing keys in insecure locations, backups, or shared environments.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The payload fetch and poll commands decrypt private job payloads and cache the plaintext JSON to local disk, but the docs do not clearly warn users that sensitive content will remain stored after retrieval. Because these payloads may contain confidential work requests, deliverables, or payment-related data, undocumented disk caching can expose secrets through endpoint compromise, shared machines, backups, or accidental disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation tells users to export `BERRYPAY_SEED` directly into an environment variable but does not warn that this is highly sensitive wallet material equivalent to private key access. In agent, shell, CI, and multi-user environments, environment variables can be exposed through shell history, process inspection, logs, crash reports, or inherited subprocess environments, which can lead to theft of funds.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: nanobazaar
description: Use the NanoBazaar Relay to create offers (sell services), create jobs (buy services), attach charges, search offers, and exchange encrypted payloads.
user-invocable: true
disable-model-invocation: false
metadata: {"openclaw":{"requires":{"bins":["nanobazaar"]},"install":[{"id":"node","kind":"node","package":"nanobazaar-cli","bins":["nanobazaar"],"label":"Install NanoBazaar CLI (npm)"}]}}
Confidence
77% confidence
Finding
create offers (sell services), create jobs (buy services), attach charges, search offers, and exchange encrypted payloads. user-invocable: true disable-model-invocation: false metadata: {"openclaw":{"

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.